MailEnable IMAP SELECT buffer overflow

Added: 12/01/2006
CVE: CVE-2006-6290
BID: 21362
OSVDB: 31698

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.

Problem

A buffer overflow vulnerability in the IMAP service allows an authenticated attacker to execute arbitrary commands by sending a specially crafted SELECT command.

Resolution

Apply the latest hotfix for IMAP.

References

http://secunia.com/advisories/23080

Limitations

Exploit works on MailEnable Professional 2.32 with Patch ME-10018 and requires a valid IMAP login name, password, and post office name.

Platforms

Windows

Back to exploit index